# frozen_string_literal: true

module QA
  RSpec.describe 'Govern', :runner, :external_api_calls, product_group: :threat_insights do
    describe 'Vulnerability Report Security Training' do
      let(:vuln_name) { "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" }

      let(:training_providers) { ["Kontra", "Secure Code Warrior"] }
      let(:secure_code_warrior_url) { "portal.securecodewarrior.com" }
      let(:kontra_url) { "application.security/gitlab/free-application-security-training" }
      let(:secure_code_warrior_text) { training_providers[1] }
      let(:kontra_text) { training_providers[0] }
      let!(:gitlab_ci_yaml_path) { File.join(EE::Runtime::Path.fixture('secure_premade_reports'), '.gitlab-ci.yml') }
      let!(:gitlab_sast_report_json) do
        File.join(EE::Runtime::Path.fixture('secure_premade_reports'), 'gl-sast-report.json')
      end

      let!(:project) do
        Resource::Project.fabricate_via_api! do |project|
          project.name = 'vulnerability-report-security-training'
          project.description = 'To Test integration with security training in vulnerability report'
        end
      end

      let!(:runner) do
        create(:project_runner, project: project, name: "runner-for-#{project.name}", tags: ['secure_report'])
      end

      let!(:repository) do
        Resource::Repository::Commit.fabricate_via_api! do |commit|
          commit.project = project
          commit.commit_message = 'Add report files and .gitlab-ci.yml'
          commit.add_files([{ file_path: '.gitlab-ci.yml', content: File.read(gitlab_ci_yaml_path) }])
          commit.add_files([{ file_path: 'gl-sast-report.json', content: File.read(gitlab_sast_report_json) }])
        end
      end

      before do
        Flow::Login.sign_in
        project.visit!
      end

      after do
        runner.remove_via_api!
      end

      it 'shows security training section for supported vulnerabilities when the setting is toggled ON',
        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/411764' do
        # Enable two security training providers
        toggle_training_providers("on")

        visit_vulnerability(vuln_name)

        QA::EE::Page::Project::Secure::VulnerabilityDetails.perform do |vulnerability_details|
          aggregate_failures "testing vulnerability details" do
            expect(vulnerability_details.security_training_present?(training_name: secure_code_warrior_text)).to be true
            expect(vulnerability_details.training_link_present?(training_name: secure_code_warrior_text,
              url: secure_code_warrior_url)).to be true

            expect(vulnerability_details.security_training_present?(training_name: kontra_text)).to be true
            expect(vulnerability_details.training_link_present?(training_name: kontra_text,
              url: kontra_url)).to be true
          end
        end
      end

      it 'does not show security training section in vulnerability details when the setting is turned OFF',
        testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/412398' do
        toggle_training_providers("off")
        visit_vulnerability(vuln_name)

        expect(QA::EE::Page::Project::Secure::VulnerabilityDetails.perform(&:training_header_present?)).to be false
      end

      def toggle_training_providers(toggle_to = "on")
        Page::Project::Menu.perform(&:go_to_security_configuration)
        click_link("Vulnerability Management")
        QA::EE::Page::Project::Secure::VulnerabilitySecurityTraining.perform do |security_training|
          training_providers.each do |provider|
            security_training.toggle_training_provider(provider, toggle_to)
          end
        end
      end

      def visit_vulnerability(vulnerability_name)
        Page::Project::Menu.perform(&:go_to_vulnerability_report)
        QA::EE::Page::Project::Secure::SecurityDashboard.perform do |security_dashboard|
          security_dashboard.wait_for_vuln_report_to_load
          expect(security_dashboard).to have_vulnerability(description: vulnerability_name)

          security_dashboard.click_vulnerability(description: vulnerability_name)
        end
      end
    end
  end
end
